From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.5)
Gecko/20041111 Firefox/1.0
Description of problem:
After upgrading from php-4.3.2-14.ent to php-4.3.2-19.ent our intranet
pages slowed down to a crawl. The load also increased.
Reverting to the previous version fixed the problems.
Version-Release number of selected component (if applicable):
php-4.3.2-19.ent
How reproducible:
Always
Steps to Reproduce:
Upgrade php to php-4.3.2-19.ent
Actual Results: PHP pages slow down to a crawl. The load also increases.
Expected Results: Normal performance, with closed security holes
Additional info:
ab -n 5 -c 1 http://our.server.com/
reported
Requests per second: 0.20 [#/sec] (mean)
Time per request: 5058.570 [ms] (mean)
Time per request: 5058.570 [ms] (mean, across all concurrent requests)
After reverting to php-4.3.2-14.ent performance went back to what I
would consider more acceptable:
Requests per second: 0.77 [#/sec] (mean)
Time per request: 1295.457 [ms] (mean)
Time per request: 1295.457 [ms] (mean, across all concurrent requests)
I tested the newest version of php both with APC and ZendOptimizer
without any improvements.
The server is running a content management system called mysource
classic. (http://www.squiz.net/).

Thanks for the report. There were some performance regressions in the
"unserializer" code introduced as a side-effect of the security fixes
in the recent PHP update. Patches have been produced upstream which
correct the issue.
Experimental test packages are now available from the URL below which
contain these patches. These packages are unsupported and have not
gone through the Red Hat QA process.
http://people.redhat.com/jorton/Taroon-php/
Any feedback from testing these packages out is very welcome.

The performance regression is rather bad. Using phpGedView-3.00-1 that
heavily relies on unserialize(), rendering of index.php deteriorates
from a couple of secs to > 2 minutes (this is on a SuSE 9.0 box, both
plain as well as with a patch that updates var_unserialize.c to
4.3.10, but that shouldn't matter for the issue involved).
http://bugs.php.net/bug.php?id=31332 suggests this issue is fixed in
CVS for rev 1.47 and 1.48 of that particular file. However it seems
some other files are affected as well.

Update of var_unserialize.c to CVS rev. 1.18.4.15 and php_var.h to CVS
rev. 1.21.4.5 indeed fixes the issue for me.
Note that http://cvs.php.net is a bit sloppy about white space
(no space on empty lines for diffs and removed white space at end of
line) and these revisions contain some ^#line comments that should be
removed.

An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.
http://rhn.redhat.com/errata/RHSA-2005-405.html
